Since the beginning of December, the recursive query queue on the DNS servers has been running high. After several days of analysis and handling, the problem has now been resolved. The details are as follows:
Reason:
1. DDoS attacks using randomized suffixes have increased recently.
2. In response to these randomized-suffix DDoS attacks, the root server operators rate-limit requests. The limit works like this: when requests for randomized suffixes (NXDOMAIN) hit the rate limit, the server returns a response with the truncated flag set, which requires the recursive server to retry over TCP. However, the root server basically does not respond over TCP.
3. China should have mirror sites of 4 root servers. The most used is F (192.5.5.241), and this F server applied the rate limit!
4. Because of anycast, the other servers are used very little.
5. Because the F server rate-limits randomized-suffix requests, the recursive query queue on the operators' cache servers grew sharply. This reduced the efficiency of the cache servers and led to slow responses, resolution failures and so on.
Conclusion: the F server shakes things up, and the cache servers get badly hurt!!!
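One way to confirm which upstream is sending truncated replies, as an added example that is not part of the original post: it decodes the DNS header flags of captured UDP responses and reports the share with the truncated (TC) flag per server. The packets, the comparison address 192.0.2.53, the 0.5 threshold and all function names are constructed for illustration.

```python
import struct
from collections import defaultdict

# Fixed 12-byte DNS header: ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT.
HEADER = struct.Struct("!HHHHHH")
QR_BIT, TC_BIT, RCODE_MASK = 0x8000, 0x0200, 0x000F
NXDOMAIN = 3

def parse_header(packet: bytes) -> dict:
    """Decode the flags a resolver looks at before deciding to retry over TCP."""
    if len(packet) < HEADER.size:
        raise ValueError("short DNS packet")
    ident, flags, *_ = HEADER.unpack_from(packet)
    return {"id": ident, "is_response": bool(flags & QR_BIT),
            "truncated": bool(flags & TC_BIT), "rcode": flags & RCODE_MASK}

def truncation_by_server(samples):
    """Return {server_ip: fraction of UDP responses with the TC flag set}."""
    seen, tc = defaultdict(int), defaultdict(int)
    for server, packet in samples:
        try:
            hdr = parse_header(packet)
        except ValueError:
            continue  # skip malformed captures instead of aborting the tally
        if not hdr["is_response"]:
            continue  # queries carry no information about the server's limit
        seen[server] += 1
        tc[server] += hdr["truncated"]
    return {s: tc[s] / seen[s] for s in seen}

def suspect_rate_limited(samples, threshold=0.5):
    """Servers whose TC share reaches the threshold (0.5 is an assumed cut-off)."""
    rates = truncation_by_server(samples)
    return sorted(s for s, r in rates.items() if r >= threshold)

def make_response(ident, tc=False, rcode=0):
    """Build a constructed header-only response for the sample data."""
    flags = QR_BIT | (TC_BIT if tc else 0) | rcode
    return HEADER.pack(ident, flags, 1, 0, 0, 0)

# Constructed sample: F (address from the post) truncates most replies,
# while a hypothetical comparison server (192.0.2.53) returns plain NXDOMAIN.
SAMPLES = [
    ("192.5.5.241", make_response(1, tc=True)),
    ("192.5.5.241", make_response(2, tc=True)),
    ("192.5.5.241", make_response(3, rcode=NXDOMAIN)),
    ("192.5.5.241", b"\x00\x01"),  # malformed capture, ignored
    ("192.0.2.53", make_response(4, rcode=NXDOMAIN)),
    ("192.0.2.53", make_response(5, rcode=NXDOMAIN)),
]

if __name__ == "__main__":
    print(truncation_by_server(SAMPLES))
    print(suspect_rate_limited(SAMPLES))
```

A high TC share from one server, combined with failed TCP retries to it, matches the behaviour described in reason 2.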
2 Strategies:
1. Build your own root server and replace the F server in the configuration with the local root server. Fortunately, the root zone file can be downloaded, and building a root server is not difficult. Then modify the cache server's hints configuration so that the root server entry points to the local root server.
3. If you are using BIND, you can also modify the BIND configuration to host the root zone yourself and synchronize the data from the F server. This should be the simplest and quickest way, but it cannot be implemented where, as at many operators today, caching and authoritative service are separated.
Implementation results: the recursive query queue on the cache servers dropped significantly, and server response speed improved.
Rant: the so-called "accelerated music" is a garbage company that stirs things up, hoping to improve its reputation amid the chaos. The solutions it proposed do not address the key point at all and will only fool people who do not know better. Look at their garbage report: http://toutiao.com/i6230664412248670721/
Analysis and countermeasure of DNS root server parsing exception since December